Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Fix: escape html tag value

Browse Source
This commit is contained in:
Laurent Destailleur
2012-05-09 18:48:16 +02:00
parent d0c0a0a42c
commit 62a1dd1912
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/core/lib/admin.lib.php
View File

@@ -1105,7 +1105,7 @@ function form_constantes($tableau)
}
else
{
print '<input type="text" class="flat" size="48" name="constvalue" value="'.$obj->value.'">';
print '<input type="text" class="flat" size="48" name="constvalue" value="'.dol_escape_htmltag($obj->value).'">';
print '</td><td>';
print '<input type="hidden" name="consttype" value="chaine">';
}